It’s not really related to who generated the token (it’s a pretty standard JWT OIDC token), but to who holds the token. There is simply no feature right now in the XWiki OIDC Authenticator to validate tokens with the configured provider, as I said it’s an XWiki OIDC Provider feature so it’s obviously not going to ask another provider to validate the token.